Securing Web Apps workshop
Participants will attack Web applications with: command injection; SQL injection; Cross-Site Request Forgery; Cross-Site Scripting; cookie manipulation; and Server-Side Template Injection. We will also exploit Drupal and SAML. We will then implement network defenses and monitoring agents. We will use Burp, Splunk, and Suricata.
Prerequisites: participants should know basic security and networking. Experience with Web development is helpful but not necessary.
The workshop is structured in a CTF format. Each participant works at their own pace. The techniques will be demonstrated, with complete step-by-step instructions to lead beginners through the easy challenges. There are also harder challenges for more experienced participants. We will help participants as needed, to ensure that everyone learns new techniques.
Participants need a credit card (which won't be charged) to reserve a free Google Cloud server. All the tools we will use are freely available, and all the training materials will remain available to everyone after the workshop ends.
Visit samsclass.info to access the workshop materials.
A video of the workshop is available on the 2600 YouTube channel: